"TIES for Microsoft CityNext provides cities with a number of exciting, agile cloud-based services in areas where innovation, traditionally, has been slow. This service helps cities leverage the economic and resiliency advantages of the cloud, almost immediately."
Enables city and regional leaders and other personnel to make faster, better, and more informed decisions in response to breaking events – and in support of daily operations.
TIES for Microsoft CityNext delivers agile situational intelligence and alerting services to help protect citizens, schools and critical infrastructure, and enhance daily operating effectiveness across the organization. TIES for Microsoft CityNext provides leaders, staff, and responders access to a 360 degree view of their city or region, including important real-time public and private intelligence channels—ranging from weather warnings, 911 alerts, and and internal notifications to social media, video monitoring and cyber threat intelligence. TIES aggregates and manages potentially thousands of live information streams to provide actionable intelligence dashboards and a complete suite of smart and mobile alerting capabilities to ensure authorized participants have the timely information they need.
Click to Enlarge
Last month in Boston I spoke to a group of board directors. It was a room filled with real pros—men and women who serve on the boards of major companies. Many of them serve on more than one board, and I met several people who sit on four.
Their interest in cyber security was high—the issue is definitely on their radar. Some were more knowledgeable than others. But all seemed to appreciate the severity of the problem, and were eager to learn what they could do to help.
I gave the day’s opening keynote, talking about the current state of information security (not good), and suggesting that cyber security is now a board-level issue. No one disagreed.
The attendees were an impressive group—I wish members of Congress were half as smart and dedicated—but for the most part, they had no idea what their boards should be doing to protect against cyber attacks and prevent data loss.
After giving this matter some thought since the event, here are my recommendations of what board directors can do to improve cyber security:
- Require that management provide the board with IT performance metrics, just as it provides financial metrics. If you want an internal function to improve, first you need to measure it.
- Create a cross-functional cyber security leadership group within management that reports directly to the CEO, but which also meets periodically with the board. This group’s primary mission is to make sure that the enterprise’s cyber defense efforts are well coordinated, across departments. A secondary purpose is to provide board directors with direct access to key cyber security decision-makers.
- Provide leadership regarding internal human cyber risk. SANS’ research director Alan Paller said recently that over 90% of all major cyber attacks are caused by human error. Human error is a huge problem, and boards can help jump-start efforts to reduce this risk.
- Hire the best CISO (Chief Information Security Officer) that you can find, and make sure he or she has excellent communication skills. Information security is a critical function of every department, and the CISO must be as much teacher and evangelist as technician.
- Be proactive. Send a message from the top. Cyber security is important. Don’t merely wait for the next attack to respond. Start asking to see attack mitigation plans (because you will be attacked); ask you internal cyber experts if compliance to your industry’s standards is enough to assure real protection (it’s not); get to know that new CISO you hire; ask questions about cyber security, at every opportunity.
These measures can help reduce existing cyber vulnerabilities. But the larger value of taking these actions is that they will begin to get the board directly engaged in cyber security issues. Because when a hack hits the fan, and Wall St. and the SEC are calling, the board will have a critical role in making the fast, smart decisions necessary to reassure customers, and preserve corporate value.